<!DOCTYPE html>
<?php
/* Start Ben's code */
// Start session so you can see the sesseion variables.
 session_start();

 // Check to see if the user is already logged in. If they are send redirect to user.php
if(isset($_SESSION["logged_in"]) && $_SESSION["logged_in"] == 1)
{
		$book = "book"; //$_POST['book']; 
		$page = "0016"; //$_POST['page'];
		exit(header("Location:user.php?book=".$book."&page=".$page));
}

//otherwise ask for log in information and attempt to log user in. 
else 
{   

?>
<!-- start Scott's code -->
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Login</title>
        <!-- Latest compiled and minified CSS -->
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/css/bootstrap.min.css">
    </head>
    <body>
	<div class="col-md-12 row bg-primary text-center">
    	    <h1>All Works of Sholem Aleichem - Login</h1>
	</div>

	<div class="text-center container">
            <h3>Login</h3>

            <!-- Form to get login information -->
            <form method="POST" action="sholem_login.php" class="form-inline">
	        <div class="form-group">
	    	    <label class="sr-only" for="inputEmail">Email address</label>
		    <input type="email" class="form-control" id="inputEmail" name="email" placeholder="Email">
	        </div>
	        <div class="form-group">
		    <label class="sr-only" for="inputPassword">Password</label>
		    <input type="password" class="form-control" id="inputPassword" name="password" placeholder="Password">
	        </div>
	        <input type="submit" name="submit" value="Sign in" class="btn btn-primary">

            <?php
			// send the book and page on so it can be sent to user.php to get the correct results. 
			if (isset($_POST['book']) && isset($_POST['page'])){
				echo '<input type="hidden" name="book" value="'.$_POST['book'].'">';
				echo '<input type="hidden" name="page" value="'.$_POST['page'].'">';
			}
			else{
				echo '<input type="hidden" name="book" value="null">';
				echo '<input type="hidden" name="page" value="null">';
			}
            ?>
            </form>
            <!-- Set a link so the can register if it is their first time trying to edit. -->
            <h4>New user? <a href="registration.php">Register here</a></h4>
	</div>

	<!-- Latest compiled and minified JavaScript -->
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.1/js/bootstrap.min.js"></script>
    </body>
</html>
<!-- end Scott's code -->
<?php
 }
 
 
 // Handles the login 
 if(isset($_POST['submit']))
{
    // Get all the variables that have been sent to the POST.
    $email = $_POST['email'];
    $password = $_POST['password'];
	// Added this 
	$encyrptPass = md5($password);
	$book = "book"; //$_POST['book']; //"book"; 
	$page = "0016";  //$_POST['page']; //
    // Open user.xlm to check if user info matches what is saved in the "datatbase"
    $file = simplexml_load_file("user.xml") or die("Error opening user.xml");
    // loop through all the users in user.xml
    for($i = 0; $i < count($file); $i++)
    {
      // save all of the information so it can check if it is the correct user.
      $userEmail = (string)$file->user[$i]->Email;
      $userPassword = (string)$file->user[$i]->Password;
      $userFirst = (string)$file->user[$i]->First;
      $userLast = (string)$file->user[$i]->Last;
      $userPermission = (integer)$file->user[$i]->Permission;
    //}

    // if the credentials given by the user match what are in the database then let them login. 
	/* changed this to encyrptPass */
    if(($email == $userEmail) &&  ($encyrptPass == $userPassword))
    {
      // Save user information into Session variables.
      $_SESSION['email'] = $userEmail;

      $_SESSION['first'] = $userFirst;

      $_SESSION["last"] = $userLast;

      $_SESSION["permission"] = $userPermission;
      
      $_SESSION["logged_in"] = 1;
      
/* End of Ben's code */
    if ($book == "null" && $userPermission < 2){
	   exit(header("Location:searchSholem.cgi"));
	}
	if ($book == "null" && $userPermission == 2){
		exit(header("Location:admin.php"));
	}
	
	
      //send them to user.php with the correct book and page. 
      exit(header("Location:user.php?book=".$book."&page=".$page));
    }
   }
   // If you get to here then the login failed display this alert to inform the user. 
   echo "<script type='text/javascript'>alert('Incorrect password or username.Please try again.')</script>";
}
 ?>

